AIP-SSM inline mode Question

Aug 6th, 2008

Dear all

I have an ASA 5520 with an IPS module. I installed it 3 weeks ago. The IPS module is installed in inline mode.

Until now I have not seen any events appear on the sensor. I configured it to scan HTTP traffic from any source to the inside LAN subnet (10.1.0.0/16).

Can I know whether the sensor is working properly or not, and how?

The following is the configuration on the ASA:

access-list outside_mpc extended permit tcp any 10.1.0.0 255.255.0.0 eq www
class-map outside-class
 match access-list outside_mpc
policy-map outside-policy1
 class outside-class
  ips inline fail-open sensor vs0
service-policy outside-policy1 interface outside

Please find the attached file for the IPS config.

Thanks

rhermes Wed, 08/06/2008 - 07:58

Your config looks very similar to my working ASA configs. The only exception is your virtual sensor entries in the ASA and the IPS. If you don't need them they can be left out.

Assuming your config is correct, you can try opening up your access list to more traffic and see if you get events. You can turn on signature 2004 for ICMP echo replies if you want to stimulate some events for yourself.
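
Added example, not part of either post: one way to check the "assuming your config is correct" step on the ASA side is to trace every `ips` action back to its ACL and forward to a `service-policy`. The function name `check_ips_redirect` is hypothetical, the sample is constructed from the lines in the question, and the check only covers the ASA wiring, not whether the sensor itself raises events.

```python
import re

# Constructed sample: the ASA lines posted in the question.
SAMPLE = """\
access-list outside_mpc extended permit tcp any 10.1.0.0 255.255.0.0 eq www
class-map outside-class
 match access-list outside_mpc
policy-map outside-policy1
 class outside-class
  ips inline fail-open sensor vs0
service-policy outside-policy1 interface outside
"""

IPS_RE = re.compile(r"ips (inline|promiscuous) (fail-open|fail-close)(?: sensor (\S+))?")

def check_ips_redirect(config):
    """Hypothetical helper: trace each 'ips' action back to its ACL and forward
    to its service-policy; return (redirects, problems)."""
    acls, class_acl, attached = set(), {}, {}
    found, problems = [], []
    cmap = pmap = cls = None
    for line in (l.strip() for l in config.splitlines()):
        w = line.split()
        if not w:
            continue  # tolerate blank lines between commands
        if w[0] == "access-list" and len(w) > 1:
            acls.add(w[1])
        elif w[0] == "class-map":
            cmap, pmap, cls = w[-1], None, None
        elif w[:2] == ["match", "access-list"] and cmap and len(w) > 2:
            class_acl[cmap] = w[2]
        elif w[0] == "policy-map":
            cmap, pmap, cls = None, w[-1], None
        elif w[0] == "class" and pmap and len(w) > 1:
            cls = w[1]
        elif w[0] == "service-policy" and len(w) > 2:
            attached[w[1]] = " ".join(w[2:])
        elif (m := IPS_RE.match(line)) and pmap and cls:
            found.append({"policy": pmap, "class": cls, "mode": m[1],
                          "fail": m[2], "sensor": m[3]})
    for r in found:  # resolve references after the whole config is read
        r["acl"] = class_acl.get(r["class"])
        r["applied"] = attached.get(r["policy"])
        if r["acl"] is None:
            problems.append(f"class {r['class']}: no 'match access-list' found")
        elif r["acl"] not in acls:
            problems.append(f"class {r['class']}: ACL {r['acl']} is not defined")
        if r["applied"] is None:
            problems.append(f"policy-map {r['policy']}: not applied by any service-policy")
    return found, problems
```

An empty problem list for the posted config means the redirect chain is complete, so the absence of events is more likely down to the traffic seen or the enabled signatures, which is what the reply suggests testing next.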
